InfoSec Handlers Diary Blog

This month we got patches for 99 vulnerabilities total. Five of them have been previously disclosed, and one was being exploited, according to Microsoft.

One of the patches fixes the CVE-2020-0674, a 0-day affecting Script Engine on Internet Explorer that has been exploited in the wild. Microsoft released an out-of-band advisory for this vulnerability on Jan, 17 ADV200001 [1] suggesting mitigations for the vulnerability - now fixed. The vulnerability could allow a malicious content to corrupt the memory in such a way an attacker could execute arbitrary code in the context of the current user.

Among the other 16 RCE vulnerabilities, it's worth also mentioning CVE-2020-0738, a memory corruption vulnerability in Media Foundation. An attacker who successfully exploited the vulnerability could allow an attacker to run arbitrary code on the impacted system. The CVSS v3 for this vulnerability is 8.80 - the highest for this month's Patch Tuesday.

It's also worth mentioning an elevation of privilege vulnerability affecting Windows SSH (CVE-2020-0757). The way Windows improperly handles Security Shell remote commands may allow an attacker to exploit the vulnerability and run arbitrary code with elevated privileges. To exploit the vulnerability, the attacker would first log into the system and run a specially crafted application.